Difference between revisions of "Kube-root-ca.crt configMap"

From wikieduonline
Jump to navigation Jump to search
Tags: Mobile web edit, Mobile edit
 
(12 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
{{lc}}
 
{{lc}}
 +
kube-root-ca.crt [[configMap]]
  
  
 
* https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/
 
* https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/
 
  Note:
 
  Note:
  Even though the custom CA certificate may be included in the filesystem (in the ConfigMap kube-root-ca.crt), you should not use that  
+
  Even though the custom [[CA certificate]] may be included in the filesystem (in the ConfigMap kube-root-ca.crt), you should not use that  
  certificate authority for any purpose other than to verify internal Kubernetes endpoints. An example of an internal Kubernetes endpoint is  
+
  certificate authority for any purpose other than to verify internal Kubernetes endpoints. An example of an internal [[Kubernetes endpoint]] is the Service named kubernetes in the default namespace.
the Service named kubernetes in the default namespace.
 
 
   
 
   
  If you want to use a custom certificate authority for your workloads, you should generate that CA separately, and distribute its CA  
+
  If you want to use a custom certificate authority for your workloads, you should generate that CA separately, and distribute its CA certificate using a ConfigMap that your pods have access to read.
certificate using a ConfigMap that your pods have access to read.
 
  
 +
[[kubectl apply]]
 +
{{is missing}}
  
{{K8s}}
+
 
 +
[[kubectl get configmaps -A]] | grep [[kube-root-ca.crt]]
 +
aqua                          kube-root-ca.crt                                                1      7d20h
 +
[[argocd]]                        kube-root-ca.crt                                                1      7d20h
 +
[[cattle-dashboards]]            kube-root-ca.crt                                                1      7d7h
 +
cattle-fleet-system          kube-root-ca.crt                                                1      7d20h
 +
cattle-impersonation-system  kube-root-ca.crt                                                1      7d20h
 +
cattle-monitoring-system      kube-root-ca.crt                                                1      4h29m
 +
cattle-system                kube-root-ca.crt                                                1      7d20h
 +
default                      kube-root-ca.crt                                                1      7d20h
 +
gatekeeper-system            kube-root-ca.crt                                                1      7d20h
 +
kube-node-lease              kube-root-ca.crt                                                1      7d20h
 +
kube-public                  kube-root-ca.crt                                                1      7d20h
 +
kube-system                  kube-root-ca.crt                                                1      7d20h
 +
local                        kube-root-ca.crt                                                1      7d20h
 +
nginx-ingress                kube-root-ca.crt                                                1      7d20h
 +
nginx-k8s                    kube-root-ca.crt                                                1      7d20h
 +
 
 +
 
 +
== Related ==
 +
[[kubectl get configmaps]]
 +
 
 +
== See also ==
 +
* {{Configmap}}
 +
* {{K8s TLS}}
 +
* {{TLS}}
 +
 
 +
[[Category:K8s]]

Latest revision as of 10:55, 27 September 2023

kube-root-ca.crt configMap


Note:
Even though the custom CA certificate may be included in the filesystem (in the ConfigMap kube-root-ca.crt), you should not use that 
certificate authority for any purpose other than to verify internal Kubernetes endpoints. An example of an internal Kubernetes endpoint is the Service named kubernetes in the default namespace.

If you want to use a custom certificate authority for your workloads, you should generate that CA separately, and distribute its CA certificate using a ConfigMap that your pods have access to read.
kubectl apply
 Warning: resource configmaps/kube-root-ca.crt is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically. secret/default-token-7z4zd created
Error from server (Conflict): error when applying patch:
.../...
to:
Resource: "/v1, Resource=configmaps", GroupVersionKind: "/v1, Kind=ConfigMap"
Name: "kube-root-ca.crt", Namespace: "your-namespace"
for: "your.yaml": Operation cannot be fulfilled on configmaps "kube-root-ca.crt": the object has been modified; please apply your changes to the latest version and try again


kubectl get configmaps -A | grep kube-root-ca.crt
aqua                          kube-root-ca.crt                                                1      7d20h
argocd                        kube-root-ca.crt                                                1      7d20h
cattle-dashboards             kube-root-ca.crt                                                1      7d7h
cattle-fleet-system           kube-root-ca.crt                                                1      7d20h
cattle-impersonation-system   kube-root-ca.crt                                                1      7d20h
cattle-monitoring-system      kube-root-ca.crt                                                1      4h29m
cattle-system                 kube-root-ca.crt                                                1      7d20h
default                       kube-root-ca.crt                                                1      7d20h
gatekeeper-system             kube-root-ca.crt                                                1      7d20h
kube-node-lease               kube-root-ca.crt                                                1      7d20h
kube-public                   kube-root-ca.crt                                                1      7d20h
kube-system                   kube-root-ca.crt                                                1      7d20h
local                         kube-root-ca.crt                                                1      7d20h
nginx-ingress                 kube-root-ca.crt                                                1      7d20h
nginx-k8s                     kube-root-ca.crt                                                1      7d20h


Related[edit]

kubectl get configmaps

See also[edit]

Advertising: